google-cloud-iap-v1 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 202a2cf86212bbdddb24d2e0279778a9862e19cefafb4724bad6dc8c47e38e3c
-  data.tar.gz: b0d412145b4949dfffd42cb7796e98aefea6d5afa0b5a7ed39db2176855506bc
+  metadata.gz: 7d72bb6036f410910ccbed4239ec28f48167f0e378ac1f824edb53b54af209c6
+  data.tar.gz: 13f7430319b863296efef6a1752df4e43f9a5ddf308ca3175026dcbbce90a1c7
 SHA512:
-  metadata.gz: 1dec44cedae346b77d270dcf706aba8839295e95c7a85b00cdc48d322aabd245907b55a44cb102910cf275ac1f75cc9e4e4a88d6b58eac572bbea3d830066b50
-  data.tar.gz: f1deb1fc05cd0157c81d4d0704a94ba38caac1adbebef7deb843ba6bb890c161600b183487a1282035f3ad56d7a5d0676bf6733aecef5eb6eb56dfbfb5a7dbcb
+  metadata.gz: 052ffd2d2d33641d2113b346e59123105a448b35e0b414370117903a3e91ed33d1e5a09a3a7fccaf2c305869af7c3b4641135460136dcd446e2439a0021a9719
+  data.tar.gz: 6963dff4a65f0fadf1ee9c05ec71d7eda514cc19c9681eef0b4202df5d00f02723f7c92540cc8bda089f8b3bd6f9a88224f6cba7d4746c3d23a5bc40a35fceea

data/lib/google/cloud/iap/v1/identity_aware_proxy_admin_service/client.rb

@@ -653,6 +653,95 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Validates that a given CEL expression conforms to IAP restrictions.
+            #
+            # @overload validate_iap_attribute_expression(request, options = nil)
+            #   Pass arguments to `validate_iap_attribute_expression` via a request object, either of type
+            #   {::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload validate_iap_attribute_expression(name: nil, expression: nil)
+            #   Pass arguments to `validate_iap_attribute_expression` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. The resource name of the IAP protected resource.
+            #   @param expression [::String]
+            #     Required. User input string expression. Should be of the form
+            #     `attributes.saml_attributes.filter(attribute, attribute.name in
+            #     ['\\{attribute_name}', '\\{attribute_name}'])`
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionResponse]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionResponse]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/iap/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::Iap::V1::IdentityAwareProxyAdminService::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest.new
+            #
+            #   # Call the validate_iap_attribute_expression method.
+            #   result = client.validate_iap_attribute_expression request
+            #
+            #   # The returned object is of type Google::Cloud::Iap::V1::ValidateIapAttributeExpressionResponse.
+            #   p result
+            #
+            def validate_iap_attribute_expression request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.validate_iap_attribute_expression.metadata.to_h
+
+              # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Iap::V1::VERSION
+              metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.validate_iap_attribute_expression.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.validate_iap_attribute_expression.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @identity_aware_proxy_admin_service_stub.call_rpc :validate_iap_attribute_expression, request, options: options do |response, operation|
+                yield response, operation if block_given?
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Lists the existing TunnelDestGroups. To group across all locations, use a
             # `-` as the location ID. For example:
@@ -1311,6 +1400,11 @@ module Google
                 #
                 attr_reader :update_iap_settings
                 ##
+                # RPC-specific configuration for `validate_iap_attribute_expression`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :validate_iap_attribute_expression
+                ##
                 # RPC-specific configuration for `list_tunnel_dest_groups`
                 # @return [::Gapic::Config::Method]
                 #
@@ -1348,6 +1442,8 @@ module Google
                   @get_iap_settings = ::Gapic::Config::Method.new get_iap_settings_config
                   update_iap_settings_config = parent_rpcs.update_iap_settings if parent_rpcs.respond_to? :update_iap_settings
                   @update_iap_settings = ::Gapic::Config::Method.new update_iap_settings_config
+                  validate_iap_attribute_expression_config = parent_rpcs.validate_iap_attribute_expression if parent_rpcs.respond_to? :validate_iap_attribute_expression
+                  @validate_iap_attribute_expression = ::Gapic::Config::Method.new validate_iap_attribute_expression_config
                   list_tunnel_dest_groups_config = parent_rpcs.list_tunnel_dest_groups if parent_rpcs.respond_to? :list_tunnel_dest_groups
                   @list_tunnel_dest_groups = ::Gapic::Config::Method.new list_tunnel_dest_groups_config
                   create_tunnel_dest_group_config = parent_rpcs.create_tunnel_dest_group if parent_rpcs.respond_to? :create_tunnel_dest_group

data/lib/google/cloud/iap/v1/identity_aware_proxy_admin_service/rest/client.rb

@@ -611,6 +611,88 @@ module Google
                 raise ::Google::Cloud::Error.from_error(e)
               end
 
+              ##
+              # Validates that a given CEL expression conforms to IAP restrictions.
+              #
+              # @overload validate_iap_attribute_expression(request, options = nil)
+              #   Pass arguments to `validate_iap_attribute_expression` via a request object, either of type
+              #   {::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest} or an equivalent Hash.
+              #
+              #   @param request [::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest, ::Hash]
+              #     A request object representing the call parameters. Required. To specify no
+              #     parameters, or to keep all the default parameter values, pass an empty Hash.
+              #   @param options [::Gapic::CallOptions, ::Hash]
+              #     Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
+              #
+              # @overload validate_iap_attribute_expression(name: nil, expression: nil)
+              #   Pass arguments to `validate_iap_attribute_expression` via keyword arguments. Note that at
+              #   least one keyword argument is required. To specify no parameters, or to keep all
+              #   the default parameter values, pass an empty Hash as a request object (see above).
+              #
+              #   @param name [::String]
+              #     Required. The resource name of the IAP protected resource.
+              #   @param expression [::String]
+              #     Required. User input string expression. Should be of the form
+              #     `attributes.saml_attributes.filter(attribute, attribute.name in
+              #     ['\\{attribute_name}', '\\{attribute_name}'])`
+              # @yield [result, operation] Access the result along with the TransportOperation object
+              # @yieldparam result [::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionResponse]
+              # @yieldparam operation [::Gapic::Rest::TransportOperation]
+              #
+              # @return [::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionResponse]
+              #
+              # @raise [::Google::Cloud::Error] if the REST call is aborted.
+              #
+              # @example Basic example
+              #   require "google/cloud/iap/v1"
+              #
+              #   # Create a client object. The client can be reused for multiple calls.
+              #   client = Google::Cloud::Iap::V1::IdentityAwareProxyAdminService::Rest::Client.new
+              #
+              #   # Create a request. To set request fields, pass in keyword arguments.
+              #   request = Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest.new
+              #
+              #   # Call the validate_iap_attribute_expression method.
+              #   result = client.validate_iap_attribute_expression request
+              #
+              #   # The returned object is of type Google::Cloud::Iap::V1::ValidateIapAttributeExpressionResponse.
+              #   p result
+              #
+              def validate_iap_attribute_expression request, options = nil
+                raise ::ArgumentError, "request must be provided" if request.nil?
+
+                request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest
+
+                # Converts hash and nil to an options object
+                options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+                # Customize the options with defaults
+                call_metadata = @config.rpcs.validate_iap_attribute_expression.metadata.to_h
+
+                # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
+                call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                  lib_name: @config.lib_name, lib_version: @config.lib_version,
+                  gapic_version: ::Google::Cloud::Iap::V1::VERSION,
+                  transports_version_send: [:rest]
+
+                call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
+                call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+                options.apply_defaults timeout:      @config.rpcs.validate_iap_attribute_expression.timeout,
+                                       metadata:     call_metadata,
+                                       retry_policy: @config.rpcs.validate_iap_attribute_expression.retry_policy
+
+                options.apply_defaults timeout:      @config.timeout,
+                                       metadata:     @config.metadata,
+                                       retry_policy: @config.retry_policy
+
+                @identity_aware_proxy_admin_service_stub.validate_iap_attribute_expression request, options do |result, operation|
+                  yield result, operation if block_given?
+                end
+              rescue ::Gapic::Rest::Error => e
+                raise ::Google::Cloud::Error.from_error(e)
+              end
+
               ##
               # Lists the existing TunnelDestGroups. To group across all locations, use a
               # `-` as the location ID. For example:
@@ -1214,6 +1296,11 @@ module Google
                   #
                   attr_reader :update_iap_settings
                   ##
+                  # RPC-specific configuration for `validate_iap_attribute_expression`
+                  # @return [::Gapic::Config::Method]
+                  #
+                  attr_reader :validate_iap_attribute_expression
+                  ##
                   # RPC-specific configuration for `list_tunnel_dest_groups`
                   # @return [::Gapic::Config::Method]
                   #
@@ -1251,6 +1338,8 @@ module Google
                     @get_iap_settings = ::Gapic::Config::Method.new get_iap_settings_config
                     update_iap_settings_config = parent_rpcs.update_iap_settings if parent_rpcs.respond_to? :update_iap_settings
                     @update_iap_settings = ::Gapic::Config::Method.new update_iap_settings_config
+                    validate_iap_attribute_expression_config = parent_rpcs.validate_iap_attribute_expression if parent_rpcs.respond_to? :validate_iap_attribute_expression
+                    @validate_iap_attribute_expression = ::Gapic::Config::Method.new validate_iap_attribute_expression_config
                     list_tunnel_dest_groups_config = parent_rpcs.list_tunnel_dest_groups if parent_rpcs.respond_to? :list_tunnel_dest_groups
                     @list_tunnel_dest_groups = ::Gapic::Config::Method.new list_tunnel_dest_groups_config
                     create_tunnel_dest_group_config = parent_rpcs.create_tunnel_dest_group if parent_rpcs.respond_to? :create_tunnel_dest_group

data/lib/google/cloud/iap/v1/identity_aware_proxy_admin_service/rest/service_stub.rb

@@ -273,6 +273,46 @@ module Google
                 end
               end
 
+              ##
+              # Baseline implementation for the validate_iap_attribute_expression REST call
+              #
+              # @param request_pb [::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest]
+              #   A request object representing the call parameters. Required.
+              # @param options [::Gapic::CallOptions]
+              #   Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
+              #
+              # @yield [result, operation] Access the result along with the TransportOperation object
+              # @yieldparam result [::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionResponse]
+              # @yieldparam operation [::Gapic::Rest::TransportOperation]
+              #
+              # @return [::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionResponse]
+              #   A result object deserialized from the server's reply
+              def validate_iap_attribute_expression request_pb, options = nil
+                raise ::ArgumentError, "request must be provided" if request_pb.nil?
+
+                verb, uri, query_string_params, body = ServiceStub.transcode_validate_iap_attribute_expression_request request_pb
+                query_string_params = if query_string_params.any?
+                                        query_string_params.to_h { |p| p.split "=", 2 }
+                                      else
+                                        {}
+                                      end
+
+                response = @client_stub.make_http_request(
+                  verb,
+                  uri: uri,
+                  body: body || "",
+                  params: query_string_params,
+                  method_name: "validate_iap_attribute_expression",
+                  options: options
+                )
+                operation = ::Gapic::Rest::TransportOperation.new response
+                result = ::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionResponse.decode_json response.body, ignore_unknown_fields: true
+                catch :response do
+                  yield result, operation if block_given?
+                  result
+                end
+              end
+
               ##
               # Baseline implementation for the list_tunnel_dest_groups REST call
               #
@@ -582,6 +622,27 @@ module Google
                 transcoder.transcode request_pb
               end
 
+              ##
+              # @private
+              #
+              # GRPC transcoding helper method for the validate_iap_attribute_expression REST call
+              #
+              # @param request_pb [::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest]
+              #   A request object representing the call parameters. Required.
+              # @return [Array(String, [String, nil], Hash{String => String})]
+              #   Uri, Body, Query string parameters
+              def self.transcode_validate_iap_attribute_expression_request request_pb
+                transcoder = Gapic::Rest::GrpcTranscoder.new
+                                                        .with_bindings(
+                                                          uri_method: :post,
+                                                          uri_template: "/v1/{name}:validateAttributeExpression",
+                                                          matches: [
+                                                            ["name", %r{^.*$}, true]
+                                                          ]
+                                                        )
+                transcoder.transcode request_pb
+              end
+
               ##
               # @private
               #

data/lib/google/cloud/iap/v1/service_pb.rb

@@ -16,7 +16,7 @@ require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/wrappers_pb'
 
 
-descriptor_data = "\n!google/cloud/iap/v1/service.proto\x12\x13google.cloud.iap.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1egoogle/iam/v1/iam_policy.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a google/protobuf/field_mask.proto\x1a\x1egoogle/protobuf/wrappers.proto\"\x7f\n\x1bListTunnelDestGroupsRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!iap.googleapis.com/TunnelLocation\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"y\n\x1cListTunnelDestGroupsResponse\x12@\n\x12tunnel_dest_groups\x18\x01 \x03(\x0b\x32$.google.cloud.iap.v1.TunnelDestGroup\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"\xc3\x01\n\x1c\x43reateTunnelDestGroupRequest\x12:\n\x06parent\x18\x01 \x01(\tB*\xe0\x41\x02\xfa\x41$\x12\"iap.googleapis.com/TunnelDestGroup\x12\x44\n\x11tunnel_dest_group\x18\x02 \x01(\x0b\x32$.google.cloud.iap.v1.TunnelDestGroupB\x03\xe0\x41\x02\x12!\n\x14tunnel_dest_group_id\x18\x03 \x01(\tB\x03\xe0\x41\x02\"U\n\x19GetTunnelDestGroupRequest\x12\x38\n\x04name\x18\x01 \x01(\tB*\xe0\x41\x02\xfa\x41$\n\"iap.googleapis.com/TunnelDestGroup\"X\n\x1c\x44\x65leteTunnelDestGroupRequest\x12\x38\n\x04name\x18\x01 \x01(\tB*\xe0\x41\x02\xfa\x41$\n\"iap.googleapis.com/TunnelDestGroup\"\x95\x01\n\x1cUpdateTunnelDestGroupRequest\x12\x44\n\x11tunnel_dest_group\x18\x01 \x01(\x0b\x32$.google.cloud.iap.v1.TunnelDestGroupB\x03\xe0\x41\x02\x12/\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"\xc4\x01\n\x0fTunnelDestGroup\x12\x14\n\x04name\x18\x01 \x01(\tB\x06\xe0\x41\x02\xe0\x41\x05\x12\x12\n\x05\x63idrs\x18\x02 \x03(\tB\x03\xe0\x41\x06\x12\x12\n\x05\x66qdns\x18\x03 \x03(\tB\x03\xe0\x41\x06:s\xea\x41p\n\"iap.googleapis.com/TunnelDestGroup\x12Jprojects/{project}/iap_tunnel/locations/{location}/destGroups/{dest_group}\"*\n\x15GetIapSettingsRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\"\x88\x01\n\x18UpdateIapSettingsRequest\x12;\n\x0ciap_settings\x18\x01 \x01(\x0b\x32 .google.cloud.iap.v1.IapSettingsB\x03\xe0\x41\x02\x12/\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"\xa6\x01\n\x0bIapSettings\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12<\n\x0f\x61\x63\x63\x65ss_settings\x18\x05 \x01(\x0b\x32#.google.cloud.iap.v1.AccessSettings\x12\x46\n\x14\x61pplication_settings\x18\x06 \x01(\x0b\x32(.google.cloud.iap.v1.ApplicationSettings\"\xcd\x02\n\x0e\x41\x63\x63\x65ssSettings\x12\x38\n\rgcip_settings\x18\x01 \x01(\x0b\x32!.google.cloud.iap.v1.GcipSettings\x12\x38\n\rcors_settings\x18\x02 \x01(\x0b\x32!.google.cloud.iap.v1.CorsSettings\x12:\n\x0eoauth_settings\x18\x03 \x01(\x0b\x32\".google.cloud.iap.v1.OAuthSettings\x12<\n\x0freauth_settings\x18\x06 \x01(\x0b\x32#.google.cloud.iap.v1.ReauthSettings\x12M\n\x18\x61llowed_domains_settings\x18\x07 \x01(\x0b\x32+.google.cloud.iap.v1.AllowedDomainsSettings\"X\n\x0cGcipSettings\x12\x12\n\ntenant_ids\x18\x01 \x03(\t\x12\x34\n\x0elogin_page_uri\x18\x02 \x01(\x0b\x32\x1c.google.protobuf.StringValue\"F\n\x0c\x43orsSettings\x12\x36\n\x12\x61llow_http_options\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"_\n\rOAuthSettings\x12\x30\n\nlogin_hint\x18\x02 \x01(\x0b\x32\x1c.google.protobuf.StringValue\x12\x1c\n\x14programmatic_clients\x18\x05 \x03(\t\"\xee\x02\n\x0eReauthSettings\x12:\n\x06method\x18\x01 \x01(\x0e\x32*.google.cloud.iap.v1.ReauthSettings.Method\x12*\n\x07max_age\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x43\n\x0bpolicy_type\x18\x03 \x01(\x0e\x32..google.cloud.iap.v1.ReauthSettings.PolicyType\"j\n\x06Method\x12\x16\n\x12METHOD_UNSPECIFIED\x10\x00\x12\t\n\x05LOGIN\x10\x01\x12\x10\n\x08PASSWORD\x10\x02\x1a\x02\x08\x01\x12\x0e\n\nSECURE_KEY\x10\x03\x12\x1b\n\x17\x45NROLLED_SECOND_FACTORS\x10\x04\"C\n\nPolicyType\x12\x1b\n\x17POLICY_TYPE_UNSPECIFIED\x10\x00\x12\x0b\n\x07MINIMUM\x10\x01\x12\x0b\n\x07\x44\x45\x46\x41ULT\x10\x02\"I\n\x16\x41llowedDomainsSettings\x12\x13\n\x06\x65nable\x18\x01 \x01(\x08H\x00\x88\x01\x01\x12\x0f\n\x07\x64omains\x18\x02 \x03(\tB\t\n\x07_enable\"\xb1\x02\n\x13\x41pplicationSettings\x12\x36\n\x0c\x63sm_settings\x18\x01 \x01(\x0b\x32 .google.cloud.iap.v1.CsmSettings\x12R\n\x1b\x61\x63\x63\x65ss_denied_page_settings\x18\x02 \x01(\x0b\x32-.google.cloud.iap.v1.AccessDeniedPageSettings\x12\x33\n\rcookie_domain\x18\x03 \x01(\x0b\x32\x1c.google.protobuf.StringValue\x12Y\n\x1e\x61ttribute_propagation_settings\x18\x04 \x01(\x0b\x32\x31.google.cloud.iap.v1.AttributePropagationSettings\"@\n\x0b\x43smSettings\x12\x31\n\x0brctoken_aud\x18\x01 \x01(\x0b\x32\x1c.google.protobuf.StringValue\"\x92\x02\n\x18\x41\x63\x63\x65ssDeniedPageSettings\x12<\n\x16\x61\x63\x63\x65ss_denied_page_uri\x18\x01 \x01(\x0b\x32\x1c.google.protobuf.StringValue\x12@\n\x1cgenerate_troubleshooting_uri\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12M\n$remediation_token_generation_enabled\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValueH\x00\x88\x01\x01\x42\'\n%_remediation_token_generation_enabled\"\xa2\x02\n\x1c\x41ttributePropagationSettings\x12\x17\n\nexpression\x18\x01 \x01(\tH\x00\x88\x01\x01\x12_\n\x12output_credentials\x18\x02 \x03(\x0e\x32\x43.google.cloud.iap.v1.AttributePropagationSettings.OutputCredentials\x12\x13\n\x06\x65nable\x18\x03 \x01(\x08H\x01\x88\x01\x01\"Y\n\x11OutputCredentials\x12\"\n\x1eOUTPUT_CREDENTIALS_UNSPECIFIED\x10\x00\x12\n\n\x06HEADER\x10\x01\x12\x07\n\x03JWT\x10\x02\x12\x0b\n\x07RCTOKEN\x10\x03\x42\r\n\x0b_expressionB\t\n\x07_enable\"(\n\x11ListBrandsRequest\x12\x13\n\x06parent\x18\x01 \x01(\tB\x03\xe0\x41\x02\"@\n\x12ListBrandsResponse\x12*\n\x06\x62rands\x18\x01 \x03(\x0b\x32\x1a.google.cloud.iap.v1.Brand\"Y\n\x12\x43reateBrandRequest\x12\x13\n\x06parent\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12.\n\x05\x62rand\x18\x02 \x01(\x0b\x32\x1a.google.cloud.iap.v1.BrandB\x03\xe0\x41\x02\"$\n\x0fGetBrandRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\"b\n$ListIdentityAwareProxyClientsRequest\x12\x13\n\x06parent\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"\x95\x01\n%ListIdentityAwareProxyClientsResponse\x12S\n\x1cidentity_aware_proxy_clients\x18\x01 \x03(\x0b\x32-.google.cloud.iap.v1.IdentityAwareProxyClient\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"\x95\x01\n%CreateIdentityAwareProxyClientRequest\x12\x13\n\x06parent\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12W\n\x1bidentity_aware_proxy_client\x18\x02 \x01(\x0b\x32-.google.cloud.iap.v1.IdentityAwareProxyClientB\x03\xe0\x41\x02\"7\n\"GetIdentityAwareProxyClientRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\"?\n*ResetIdentityAwareProxyClientSecretRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\":\n%DeleteIdentityAwareProxyClientRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\"l\n\x05\x42rand\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x15\n\rsupport_email\x18\x02 \x01(\t\x12\x19\n\x11\x61pplication_title\x18\x03 \x01(\t\x12\x1e\n\x11org_internal_only\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\"X\n\x18IdentityAwareProxyClient\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x13\n\x06secret\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12\x14\n\x0c\x64isplay_name\x18\x03 \x01(\t2\xc0\x0e\n\x1eIdentityAwareProxyAdminService\x12t\n\x0cSetIamPolicy\x12\".google.iam.v1.SetIamPolicyRequest\x1a\x15.google.iam.v1.Policy\")\x82\xd3\xe4\x93\x02#\"\x1e/v1/{resource=**}:setIamPolicy:\x01*\x12t\n\x0cGetIamPolicy\x12\".google.iam.v1.GetIamPolicyRequest\x1a\x15.google.iam.v1.Policy\")\x82\xd3\xe4\x93\x02#\"\x1e/v1/{resource=**}:getIamPolicy:\x01*\x12\x9a\x01\n\x12TestIamPermissions\x12(.google.iam.v1.TestIamPermissionsRequest\x1a).google.iam.v1.TestIamPermissionsResponse\"/\x82\xd3\xe4\x93\x02)\"$/v1/{resource=**}:testIamPermissions:\x01*\x12\x81\x01\n\x0eGetIapSettings\x12*.google.cloud.iap.v1.GetIapSettingsRequest\x1a .google.cloud.iap.v1.IapSettings\"!\x82\xd3\xe4\x93\x02\x1b\x12\x19/v1/{name=**}:iapSettings\x12\xa2\x01\n\x11UpdateIapSettings\x12-.google.cloud.iap.v1.UpdateIapSettingsRequest\x1a .google.cloud.iap.v1.IapSettings\"<\x82\xd3\xe4\x93\x02\x36\x32&/v1/{iap_settings.name=**}:iapSettings:\x0ciap_settings\x12\xc7\x01\n\x14ListTunnelDestGroups\x12\x30.google.cloud.iap.v1.ListTunnelDestGroupsRequest\x1a\x31.google.cloud.iap.v1.ListTunnelDestGroupsResponse\"J\xda\x41\x06parent\x82\xd3\xe4\x93\x02;\x12\x39/v1/{parent=projects/*/iap_tunnel/locations/*}/destGroups\x12\xf7\x01\n\x15\x43reateTunnelDestGroup\x12\x31.google.cloud.iap.v1.CreateTunnelDestGroupRequest\x1a$.google.cloud.iap.v1.TunnelDestGroup\"\x84\x01\xda\x41-parent,tunnel_dest_group,tunnel_dest_group_id\x82\xd3\xe4\x93\x02N\"9/v1/{parent=projects/*/iap_tunnel/locations/*}/destGroups:\x11tunnel_dest_group\x12\xb4\x01\n\x12GetTunnelDestGroup\x12..google.cloud.iap.v1.GetTunnelDestGroupRequest\x1a$.google.cloud.iap.v1.TunnelDestGroup\"H\xda\x41\x04name\x82\xd3\xe4\x93\x02;\x12\x39/v1/{name=projects/*/iap_tunnel/locations/*/destGroups/*}\x12\xac\x01\n\x15\x44\x65leteTunnelDestGroup\x12\x31.google.cloud.iap.v1.DeleteTunnelDestGroupRequest\x1a\x16.google.protobuf.Empty\"H\xda\x41\x04name\x82\xd3\xe4\x93\x02;*9/v1/{name=projects/*/iap_tunnel/locations/*/destGroups/*}\x12\xf9\x01\n\x15UpdateTunnelDestGroup\x12\x31.google.cloud.iap.v1.UpdateTunnelDestGroupRequest\x1a$.google.cloud.iap.v1.TunnelDestGroup\"\x86\x01\xda\x41\x1dtunnel_dest_group,update_mask\x82\xd3\xe4\x93\x02`2K/v1/{tunnel_dest_group.name=projects/*/iap_tunnel/locations/*/destGroups/*}:\x11tunnel_dest_group\x1a\x46\xca\x41\x12iap.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\xa8\x0c\n\x1eIdentityAwareProxyOAuthService\x12\x85\x01\n\nListBrands\x12&.google.cloud.iap.v1.ListBrandsRequest\x1a\'.google.cloud.iap.v1.ListBrandsResponse\"&\x82\xd3\xe4\x93\x02 \x12\x1e/v1/{parent=projects/*}/brands\x12\x81\x01\n\x0b\x43reateBrand\x12\'.google.cloud.iap.v1.CreateBrandRequest\x1a\x1a.google.cloud.iap.v1.Brand\"-\x82\xd3\xe4\x93\x02\'\"\x1e/v1/{parent=projects/*}/brands:\x05\x62rand\x12t\n\x08GetBrand\x12$.google.cloud.iap.v1.GetBrandRequest\x1a\x1a.google.cloud.iap.v1.Brand\"&\x82\xd3\xe4\x93\x02 \x12\x1e/v1/{name=projects/*/brands/*}\x12\xec\x01\n\x1e\x43reateIdentityAwareProxyClient\x12:.google.cloud.iap.v1.CreateIdentityAwareProxyClientRequest\x1a-.google.cloud.iap.v1.IdentityAwareProxyClient\"_\x82\xd3\xe4\x93\x02Y\":/v1/{parent=projects/*/brands/*}/identityAwareProxyClients:\x1bidentity_aware_proxy_client\x12\xda\x01\n\x1dListIdentityAwareProxyClients\x12\x39.google.cloud.iap.v1.ListIdentityAwareProxyClientsRequest\x1a:.google.cloud.iap.v1.ListIdentityAwareProxyClientsResponse\"B\x82\xd3\xe4\x93\x02<\x12:/v1/{parent=projects/*/brands/*}/identityAwareProxyClients\x12\xc9\x01\n\x1bGetIdentityAwareProxyClient\x12\x37.google.cloud.iap.v1.GetIdentityAwareProxyClientRequest\x1a-.google.cloud.iap.v1.IdentityAwareProxyClient\"B\x82\xd3\xe4\x93\x02<\x12:/v1/{name=projects/*/brands/*/identityAwareProxyClients/*}\x12\xe8\x01\n#ResetIdentityAwareProxyClientSecret\x12?.google.cloud.iap.v1.ResetIdentityAwareProxyClientSecretRequest\x1a-.google.cloud.iap.v1.IdentityAwareProxyClient\"Q\x82\xd3\xe4\x93\x02K\"F/v1/{name=projects/*/brands/*/identityAwareProxyClients/*}:resetSecret:\x01*\x12\xb8\x01\n\x1e\x44\x65leteIdentityAwareProxyClient\x12:.google.cloud.iap.v1.DeleteIdentityAwareProxyClientRequest\x1a\x16.google.protobuf.Empty\"B\x82\xd3\xe4\x93\x02<*:/v1/{name=projects/*/brands/*/identityAwareProxyClients/*}\x1a\x46\xca\x41\x12iap.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xe5\x01\n\x17\x63om.google.cloud.iap.v1P\x01Z)cloud.google.com/go/iap/apiv1/iappb;iappb\xaa\x02\x13Google.Cloud.Iap.V1\xca\x02\x13Google\\Cloud\\Iap\\V1\xea\x02\x16Google::Cloud::Iap::V1\xea\x41W\n!iap.googleapis.com/TunnelLocation\x12\x32projects/{project}/iap_tunnel/locations/{location}b\x06proto3"
+descriptor_data = "\n!google/cloud/iap/v1/service.proto\x12\x13google.cloud.iap.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1egoogle/iam/v1/iam_policy.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a google/protobuf/field_mask.proto\x1a\x1egoogle/protobuf/wrappers.proto\"\x7f\n\x1bListTunnelDestGroupsRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!iap.googleapis.com/TunnelLocation\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"y\n\x1cListTunnelDestGroupsResponse\x12@\n\x12tunnel_dest_groups\x18\x01 \x03(\x0b\x32$.google.cloud.iap.v1.TunnelDestGroup\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"\xc3\x01\n\x1c\x43reateTunnelDestGroupRequest\x12:\n\x06parent\x18\x01 \x01(\tB*\xe0\x41\x02\xfa\x41$\x12\"iap.googleapis.com/TunnelDestGroup\x12\x44\n\x11tunnel_dest_group\x18\x02 \x01(\x0b\x32$.google.cloud.iap.v1.TunnelDestGroupB\x03\xe0\x41\x02\x12!\n\x14tunnel_dest_group_id\x18\x03 \x01(\tB\x03\xe0\x41\x02\"U\n\x19GetTunnelDestGroupRequest\x12\x38\n\x04name\x18\x01 \x01(\tB*\xe0\x41\x02\xfa\x41$\n\"iap.googleapis.com/TunnelDestGroup\"X\n\x1c\x44\x65leteTunnelDestGroupRequest\x12\x38\n\x04name\x18\x01 \x01(\tB*\xe0\x41\x02\xfa\x41$\n\"iap.googleapis.com/TunnelDestGroup\"\x95\x01\n\x1cUpdateTunnelDestGroupRequest\x12\x44\n\x11tunnel_dest_group\x18\x01 \x01(\x0b\x32$.google.cloud.iap.v1.TunnelDestGroupB\x03\xe0\x41\x02\x12/\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"\xc7\x01\n\x0fTunnelDestGroup\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x08\x12\x15\n\x05\x63idrs\x18\x02 \x03(\tB\x06\xe0\x41\x06\xe0\x41\x01\x12\x15\n\x05\x66qdns\x18\x03 \x03(\tB\x06\xe0\x41\x06\xe0\x41\x01:s\xea\x41p\n\"iap.googleapis.com/TunnelDestGroup\x12Jprojects/{project}/iap_tunnel/locations/{location}/destGroups/{dest_group}\"*\n\x15GetIapSettingsRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\"\x88\x01\n\x18UpdateIapSettingsRequest\x12;\n\x0ciap_settings\x18\x01 \x01(\x0b\x32 .google.cloud.iap.v1.IapSettingsB\x03\xe0\x41\x02\x12/\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"\xb0\x01\n\x0bIapSettings\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x41\n\x0f\x61\x63\x63\x65ss_settings\x18\x05 \x01(\x0b\x32#.google.cloud.iap.v1.AccessSettingsB\x03\xe0\x41\x01\x12K\n\x14\x61pplication_settings\x18\x06 \x01(\x0b\x32(.google.cloud.iap.v1.ApplicationSettingsB\x03\xe0\x41\x01\"\xe9\x04\n\x0e\x41\x63\x63\x65ssSettings\x12=\n\rgcip_settings\x18\x01 \x01(\x0b\x32!.google.cloud.iap.v1.GcipSettingsB\x03\xe0\x41\x01\x12=\n\rcors_settings\x18\x02 \x01(\x0b\x32!.google.cloud.iap.v1.CorsSettingsB\x03\xe0\x41\x01\x12?\n\x0eoauth_settings\x18\x03 \x01(\x0b\x32\".google.cloud.iap.v1.OAuthSettingsB\x03\xe0\x41\x01\x12\x41\n\x0freauth_settings\x18\x06 \x01(\x0b\x32#.google.cloud.iap.v1.ReauthSettingsB\x03\xe0\x41\x01\x12R\n\x18\x61llowed_domains_settings\x18\x07 \x01(\x0b\x32+.google.cloud.iap.v1.AllowedDomainsSettingsB\x03\xe0\x41\x01\x12X\n\x1bworkforce_identity_settings\x18\t \x01(\x0b\x32..google.cloud.iap.v1.WorkforceIdentitySettingsB\x03\xe0\x41\x01\x12Q\n\x10identity_sources\x18\n \x03(\x0e\x32\x32.google.cloud.iap.v1.AccessSettings.IdentitySourceB\x03\xe0\x41\x01\"T\n\x0eIdentitySource\x12\x1f\n\x1bIDENTITY_SOURCE_UNSPECIFIED\x10\x00\x12!\n\x1dWORKFORCE_IDENTITY_FEDERATION\x10\x03\"]\n\x0cGcipSettings\x12\x17\n\ntenant_ids\x18\x01 \x03(\tB\x03\xe0\x41\x01\x12\x34\n\x0elogin_page_uri\x18\x02 \x01(\x0b\x32\x1c.google.protobuf.StringValue\"F\n\x0c\x43orsSettings\x12\x36\n\x12\x61llow_http_options\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"d\n\rOAuthSettings\x12\x30\n\nlogin_hint\x18\x02 \x01(\x0b\x32\x1c.google.protobuf.StringValue\x12!\n\x14programmatic_clients\x18\x05 \x03(\tB\x03\xe0\x41\x01\"a\n\x19WorkforceIdentitySettings\x12\x17\n\x0fworkforce_pools\x18\x01 \x03(\t\x12+\n\x06oauth2\x18\x02 \x01(\x0b\x32\x1b.google.cloud.iap.v1.OAuth2\"Z\n\x06OAuth2\x12\x11\n\tclient_id\x18\x01 \x01(\t\x12\x1a\n\rclient_secret\x18\x02 \x01(\tB\x03\xe0\x41\x04\x12!\n\x14\x63lient_secret_sha256\x18\x03 \x01(\tB\x03\xe0\x41\x03\"\xfd\x02\n\x0eReauthSettings\x12?\n\x06method\x18\x01 \x01(\x0e\x32*.google.cloud.iap.v1.ReauthSettings.MethodB\x03\xe0\x41\x01\x12/\n\x07max_age\x18\x02 \x01(\x0b\x32\x19.google.protobuf.DurationB\x03\xe0\x41\x01\x12H\n\x0bpolicy_type\x18\x03 \x01(\x0e\x32..google.cloud.iap.v1.ReauthSettings.PolicyTypeB\x03\xe0\x41\x01\"j\n\x06Method\x12\x16\n\x12METHOD_UNSPECIFIED\x10\x00\x12\t\n\x05LOGIN\x10\x01\x12\x10\n\x08PASSWORD\x10\x02\x1a\x02\x08\x01\x12\x0e\n\nSECURE_KEY\x10\x03\x12\x1b\n\x17\x45NROLLED_SECOND_FACTORS\x10\x04\"C\n\nPolicyType\x12\x1b\n\x17POLICY_TYPE_UNSPECIFIED\x10\x00\x12\x0b\n\x07MINIMUM\x10\x01\x12\x0b\n\x07\x44\x45\x46\x41ULT\x10\x02\"S\n\x16\x41llowedDomainsSettings\x12\x18\n\x06\x65nable\x18\x01 \x01(\x08\x42\x03\xe0\x41\x01H\x00\x88\x01\x01\x12\x14\n\x07\x64omains\x18\x02 \x03(\tB\x03\xe0\x41\x01\x42\t\n\x07_enable\"\xc0\x02\n\x13\x41pplicationSettings\x12;\n\x0c\x63sm_settings\x18\x01 \x01(\x0b\x32 .google.cloud.iap.v1.CsmSettingsB\x03\xe0\x41\x01\x12W\n\x1b\x61\x63\x63\x65ss_denied_page_settings\x18\x02 \x01(\x0b\x32-.google.cloud.iap.v1.AccessDeniedPageSettingsB\x03\xe0\x41\x01\x12\x33\n\rcookie_domain\x18\x03 \x01(\x0b\x32\x1c.google.protobuf.StringValue\x12^\n\x1e\x61ttribute_propagation_settings\x18\x04 \x01(\x0b\x32\x31.google.cloud.iap.v1.AttributePropagationSettingsB\x03\xe0\x41\x01\"@\n\x0b\x43smSettings\x12\x31\n\x0brctoken_aud\x18\x01 \x01(\x0b\x32\x1c.google.protobuf.StringValue\"\x92\x02\n\x18\x41\x63\x63\x65ssDeniedPageSettings\x12<\n\x16\x61\x63\x63\x65ss_denied_page_uri\x18\x01 \x01(\x0b\x32\x1c.google.protobuf.StringValue\x12@\n\x1cgenerate_troubleshooting_uri\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12M\n$remediation_token_generation_enabled\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValueH\x00\x88\x01\x01\x42\'\n%_remediation_token_generation_enabled\"\xb1\x02\n\x1c\x41ttributePropagationSettings\x12\x1c\n\nexpression\x18\x01 \x01(\tB\x03\xe0\x41\x01H\x00\x88\x01\x01\x12\x64\n\x12output_credentials\x18\x02 \x03(\x0e\x32\x43.google.cloud.iap.v1.AttributePropagationSettings.OutputCredentialsB\x03\xe0\x41\x01\x12\x18\n\x06\x65nable\x18\x03 \x01(\x08\x42\x03\xe0\x41\x01H\x01\x88\x01\x01\"Y\n\x11OutputCredentials\x12\"\n\x1eOUTPUT_CREDENTIALS_UNSPECIFIED\x10\x00\x12\n\n\x06HEADER\x10\x01\x12\x07\n\x03JWT\x10\x02\x12\x0b\n\x07RCTOKEN\x10\x03\x42\r\n\x0b_expressionB\t\n\x07_enable\"S\n%ValidateIapAttributeExpressionRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x17\n\nexpression\x18\x02 \x01(\tB\x03\xe0\x41\x02\"(\n&ValidateIapAttributeExpressionResponse\"(\n\x11ListBrandsRequest\x12\x13\n\x06parent\x18\x01 \x01(\tB\x03\xe0\x41\x02\"@\n\x12ListBrandsResponse\x12*\n\x06\x62rands\x18\x01 \x03(\x0b\x32\x1a.google.cloud.iap.v1.Brand\"Y\n\x12\x43reateBrandRequest\x12\x13\n\x06parent\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12.\n\x05\x62rand\x18\x02 \x01(\x0b\x32\x1a.google.cloud.iap.v1.BrandB\x03\xe0\x41\x02\"$\n\x0fGetBrandRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\"b\n$ListIdentityAwareProxyClientsRequest\x12\x13\n\x06parent\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"\x95\x01\n%ListIdentityAwareProxyClientsResponse\x12S\n\x1cidentity_aware_proxy_clients\x18\x01 \x03(\x0b\x32-.google.cloud.iap.v1.IdentityAwareProxyClient\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"\x95\x01\n%CreateIdentityAwareProxyClientRequest\x12\x13\n\x06parent\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12W\n\x1bidentity_aware_proxy_client\x18\x02 \x01(\x0b\x32-.google.cloud.iap.v1.IdentityAwareProxyClientB\x03\xe0\x41\x02\"7\n\"GetIdentityAwareProxyClientRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\"?\n*ResetIdentityAwareProxyClientSecretRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\":\n%DeleteIdentityAwareProxyClientRequest\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\"l\n\x05\x42rand\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x15\n\rsupport_email\x18\x02 \x01(\t\x12\x19\n\x11\x61pplication_title\x18\x03 \x01(\t\x12\x1e\n\x11org_internal_only\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\"X\n\x18IdentityAwareProxyClient\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x13\n\x06secret\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12\x14\n\x0c\x64isplay_name\x18\x03 \x01(\t2\x8f\x10\n\x1eIdentityAwareProxyAdminService\x12t\n\x0cSetIamPolicy\x12\".google.iam.v1.SetIamPolicyRequest\x1a\x15.google.iam.v1.Policy\")\x82\xd3\xe4\x93\x02#\"\x1e/v1/{resource=**}:setIamPolicy:\x01*\x12t\n\x0cGetIamPolicy\x12\".google.iam.v1.GetIamPolicyRequest\x1a\x15.google.iam.v1.Policy\")\x82\xd3\xe4\x93\x02#\"\x1e/v1/{resource=**}:getIamPolicy:\x01*\x12\x9a\x01\n\x12TestIamPermissions\x12(.google.iam.v1.TestIamPermissionsRequest\x1a).google.iam.v1.TestIamPermissionsResponse\"/\x82\xd3\xe4\x93\x02)\"$/v1/{resource=**}:testIamPermissions:\x01*\x12\x81\x01\n\x0eGetIapSettings\x12*.google.cloud.iap.v1.GetIapSettingsRequest\x1a .google.cloud.iap.v1.IapSettings\"!\x82\xd3\xe4\x93\x02\x1b\x12\x19/v1/{name=**}:iapSettings\x12\xa2\x01\n\x11UpdateIapSettings\x12-.google.cloud.iap.v1.UpdateIapSettingsRequest\x1a .google.cloud.iap.v1.IapSettings\"<\x82\xd3\xe4\x93\x02\x36\x32&/v1/{iap_settings.name=**}:iapSettings:\x0ciap_settings\x12\xcc\x01\n\x1eValidateIapAttributeExpression\x12:.google.cloud.iap.v1.ValidateIapAttributeExpressionRequest\x1a;.google.cloud.iap.v1.ValidateIapAttributeExpressionResponse\"1\x82\xd3\xe4\x93\x02+\")/v1/{name=**}:validateAttributeExpression\x12\xc7\x01\n\x14ListTunnelDestGroups\x12\x30.google.cloud.iap.v1.ListTunnelDestGroupsRequest\x1a\x31.google.cloud.iap.v1.ListTunnelDestGroupsResponse\"J\xda\x41\x06parent\x82\xd3\xe4\x93\x02;\x12\x39/v1/{parent=projects/*/iap_tunnel/locations/*}/destGroups\x12\xf7\x01\n\x15\x43reateTunnelDestGroup\x12\x31.google.cloud.iap.v1.CreateTunnelDestGroupRequest\x1a$.google.cloud.iap.v1.TunnelDestGroup\"\x84\x01\xda\x41-parent,tunnel_dest_group,tunnel_dest_group_id\x82\xd3\xe4\x93\x02N\"9/v1/{parent=projects/*/iap_tunnel/locations/*}/destGroups:\x11tunnel_dest_group\x12\xb4\x01\n\x12GetTunnelDestGroup\x12..google.cloud.iap.v1.GetTunnelDestGroupRequest\x1a$.google.cloud.iap.v1.TunnelDestGroup\"H\xda\x41\x04name\x82\xd3\xe4\x93\x02;\x12\x39/v1/{name=projects/*/iap_tunnel/locations/*/destGroups/*}\x12\xac\x01\n\x15\x44\x65leteTunnelDestGroup\x12\x31.google.cloud.iap.v1.DeleteTunnelDestGroupRequest\x1a\x16.google.protobuf.Empty\"H\xda\x41\x04name\x82\xd3\xe4\x93\x02;*9/v1/{name=projects/*/iap_tunnel/locations/*/destGroups/*}\x12\xf9\x01\n\x15UpdateTunnelDestGroup\x12\x31.google.cloud.iap.v1.UpdateTunnelDestGroupRequest\x1a$.google.cloud.iap.v1.TunnelDestGroup\"\x86\x01\xda\x41\x1dtunnel_dest_group,update_mask\x82\xd3\xe4\x93\x02`2K/v1/{tunnel_dest_group.name=projects/*/iap_tunnel/locations/*/destGroups/*}:\x11tunnel_dest_group\x1a\x46\xca\x41\x12iap.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\xa8\x0c\n\x1eIdentityAwareProxyOAuthService\x12\x85\x01\n\nListBrands\x12&.google.cloud.iap.v1.ListBrandsRequest\x1a\'.google.cloud.iap.v1.ListBrandsResponse\"&\x82\xd3\xe4\x93\x02 \x12\x1e/v1/{parent=projects/*}/brands\x12\x81\x01\n\x0b\x43reateBrand\x12\'.google.cloud.iap.v1.CreateBrandRequest\x1a\x1a.google.cloud.iap.v1.Brand\"-\x82\xd3\xe4\x93\x02\'\"\x1e/v1/{parent=projects/*}/brands:\x05\x62rand\x12t\n\x08GetBrand\x12$.google.cloud.iap.v1.GetBrandRequest\x1a\x1a.google.cloud.iap.v1.Brand\"&\x82\xd3\xe4\x93\x02 \x12\x1e/v1/{name=projects/*/brands/*}\x12\xec\x01\n\x1e\x43reateIdentityAwareProxyClient\x12:.google.cloud.iap.v1.CreateIdentityAwareProxyClientRequest\x1a-.google.cloud.iap.v1.IdentityAwareProxyClient\"_\x82\xd3\xe4\x93\x02Y\":/v1/{parent=projects/*/brands/*}/identityAwareProxyClients:\x1bidentity_aware_proxy_client\x12\xda\x01\n\x1dListIdentityAwareProxyClients\x12\x39.google.cloud.iap.v1.ListIdentityAwareProxyClientsRequest\x1a:.google.cloud.iap.v1.ListIdentityAwareProxyClientsResponse\"B\x82\xd3\xe4\x93\x02<\x12:/v1/{parent=projects/*/brands/*}/identityAwareProxyClients\x12\xc9\x01\n\x1bGetIdentityAwareProxyClient\x12\x37.google.cloud.iap.v1.GetIdentityAwareProxyClientRequest\x1a-.google.cloud.iap.v1.IdentityAwareProxyClient\"B\x82\xd3\xe4\x93\x02<\x12:/v1/{name=projects/*/brands/*/identityAwareProxyClients/*}\x12\xe8\x01\n#ResetIdentityAwareProxyClientSecret\x12?.google.cloud.iap.v1.ResetIdentityAwareProxyClientSecretRequest\x1a-.google.cloud.iap.v1.IdentityAwareProxyClient\"Q\x82\xd3\xe4\x93\x02K\"F/v1/{name=projects/*/brands/*/identityAwareProxyClients/*}:resetSecret:\x01*\x12\xb8\x01\n\x1e\x44\x65leteIdentityAwareProxyClient\x12:.google.cloud.iap.v1.DeleteIdentityAwareProxyClientRequest\x1a\x16.google.protobuf.Empty\"B\x82\xd3\xe4\x93\x02<*:/v1/{name=projects/*/brands/*/identityAwareProxyClients/*}\x1a\x46\xca\x41\x12iap.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xe5\x01\n\x17\x63om.google.cloud.iap.v1P\x01Z)cloud.google.com/go/iap/apiv1/iappb;iappb\xaa\x02\x13Google.Cloud.Iap.V1\xca\x02\x13Google\\Cloud\\Iap\\V1\xea\x02\x16Google::Cloud::Iap::V1\xea\x41W\n!iap.googleapis.com/TunnelLocation\x12\x32projects/{project}/iap_tunnel/locations/{location}b\x06proto3"
 
 pool = Google::Protobuf::DescriptorPool.generated_pool
 
@@ -60,9 +60,12 @@ module Google
         UpdateIapSettingsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.UpdateIapSettingsRequest").msgclass
         IapSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.IapSettings").msgclass
         AccessSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AccessSettings").msgclass
+        AccessSettings::IdentitySource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AccessSettings.IdentitySource").enummodule
         GcipSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GcipSettings").msgclass
         CorsSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CorsSettings").msgclass
         OAuthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.OAuthSettings").msgclass
+        WorkforceIdentitySettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.WorkforceIdentitySettings").msgclass
+        OAuth2 = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.OAuth2").msgclass
         ReauthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings").msgclass
         ReauthSettings::Method = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.Method").enummodule
         ReauthSettings::PolicyType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.PolicyType").enummodule
@@ -72,6 +75,8 @@ module Google
         AccessDeniedPageSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AccessDeniedPageSettings").msgclass
         AttributePropagationSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AttributePropagationSettings").msgclass
         AttributePropagationSettings::OutputCredentials = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AttributePropagationSettings.OutputCredentials").enummodule
+        ValidateIapAttributeExpressionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ValidateIapAttributeExpressionRequest").msgclass
+        ValidateIapAttributeExpressionResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ValidateIapAttributeExpressionResponse").msgclass
         ListBrandsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListBrandsRequest").msgclass
         ListBrandsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListBrandsResponse").msgclass
         CreateBrandRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CreateBrandRequest").msgclass

data/lib/google/cloud/iap/v1/service_services_pb.rb

@@ -55,6 +55,8 @@ module Google
             # Updates the IAP settings on a particular IAP protected resource. It
             # replaces all fields unless the `update_mask` is set.
             rpc :UpdateIapSettings, ::Google::Cloud::Iap::V1::UpdateIapSettingsRequest, ::Google::Cloud::Iap::V1::IapSettings
+            # Validates that a given CEL expression conforms to IAP restrictions.
+            rpc :ValidateIapAttributeExpression, ::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionRequest, ::Google::Cloud::Iap::V1::ValidateIapAttributeExpressionResponse
             # Lists the existing TunnelDestGroups. To group across all locations, use a
             # `-` as the location ID. For example:
             # `/v1/projects/123/iap_tunnel/locations/-/destGroups`

data/lib/google/cloud/iap/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Iap
       module V1
-        VERSION = "1.2.0"
+        VERSION = "1.3.0"
       end
     end
   end

data/proto_docs/google/api/client.rb

@@ -221,6 +221,12 @@ module Google
       #     Pythonic which are included in `protobuf>=5.29.x`. This feature will be
       #     enabled by default 1 month after launching the feature in preview
       #     packages.
+      # @!attribute [rw] unversioned_package_disabled
+      #   @return [::Boolean]
+      #     Disables generation of an unversioned Python package for this client
+      #     library. This means that the module names will need to be versioned in
+      #     import statements. For example `import google.cloud.library_v2` instead
+      #     of `import google.cloud.library`.
       class ExperimentalFeatures
         include ::Google::Protobuf::MessageExts
         extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -409,6 +415,14 @@ module Google
     #   @return [::Array<::String>]
     #     An allowlist of the fully qualified names of RPCs that should be included
     #     on public client surfaces.
+    # @!attribute [rw] generate_omitted_as_internal
+    #   @return [::Boolean]
+    #     Setting this to true indicates to the client generators that methods
+    #     that would be excluded from the generation should instead be generated
+    #     in a way that indicates these methods should not be consumed by
+    #     end users. How this is expressed is up to individual language
+    #     implementations to decide. Some examples may be: added annotations,
+    #     obfuscated identifiers, or other language idiomatic patterns.
     class SelectiveGapicGeneration
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/iap/v1/service.rb

@@ -120,15 +120,14 @@ module Google
         # A TunnelDestGroup.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. Immutable. Identifier for the TunnelDestGroup. Must be unique
-        #     within the project and contain only lower case letters (a-z) and dashes
-        #     (-).
+        #     Identifier. Identifier for the TunnelDestGroup. Must be unique within the
+        #     project and contain only lower case letters (a-z) and dashes (-).
         # @!attribute [rw] cidrs
         #   @return [::Array<::String>]
-        #     Unordered list. List of CIDRs that this group applies to.
+        #     Optional. Unordered list. List of CIDRs that this group applies to.
         # @!attribute [rw] fqdns
         #   @return [::Array<::String>]
-        #     Unordered list. List of FQDNs that this group applies to.
+        #     Optional. Unordered list. List of FQDNs that this group applies to.
         class TunnelDestGroup
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -170,10 +169,10 @@ module Google
         #     Required. The resource name of the IAP protected resource.
         # @!attribute [rw] access_settings
         #   @return [::Google::Cloud::Iap::V1::AccessSettings]
-        #     Top level wrapper for all access related setting in IAP
+        #     Optional. Top level wrapper for all access related setting in IAP
         # @!attribute [rw] application_settings
         #   @return [::Google::Cloud::Iap::V1::ApplicationSettings]
-        #     Top level wrapper for all application related settings in IAP
+        #     Optional. Top level wrapper for all application related settings in IAP
         class IapSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -182,28 +181,51 @@ module Google
         # Access related settings for IAP protected apps.
         # @!attribute [rw] gcip_settings
         #   @return [::Google::Cloud::Iap::V1::GcipSettings]
-        #     GCIP claims and endpoint configurations for 3p identity providers.
+        #     Optional. GCIP claims and endpoint configurations for 3p identity
+        #     providers.
         # @!attribute [rw] cors_settings
         #   @return [::Google::Cloud::Iap::V1::CorsSettings]
-        #     Configuration to allow cross-origin requests via IAP.
+        #     Optional. Configuration to allow cross-origin requests via IAP.
         # @!attribute [rw] oauth_settings
         #   @return [::Google::Cloud::Iap::V1::OAuthSettings]
-        #     Settings to configure IAP's OAuth behavior.
+        #     Optional. Settings to configure IAP's OAuth behavior.
         # @!attribute [rw] reauth_settings
         #   @return [::Google::Cloud::Iap::V1::ReauthSettings]
-        #     Settings to configure reauthentication policies in IAP.
+        #     Optional. Settings to configure reauthentication policies in IAP.
         # @!attribute [rw] allowed_domains_settings
         #   @return [::Google::Cloud::Iap::V1::AllowedDomainsSettings]
-        #     Settings to configure and enable allowed domains.
+        #     Optional. Settings to configure and enable allowed domains.
+        # @!attribute [rw] workforce_identity_settings
+        #   @return [::Google::Cloud::Iap::V1::WorkforceIdentitySettings]
+        #     Optional. Settings to configure the workforce identity federation,
+        #     including workforce pools and OAuth 2.0 settings.
+        # @!attribute [rw] identity_sources
+        #   @return [::Array<::Google::Cloud::Iap::V1::AccessSettings::IdentitySource>]
+        #     Optional. Identity sources that IAP can use to authenticate the end user.
+        #     Only one identity source can be configured.
         class AccessSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Types of identity source supported by IAP.
+          module IdentitySource
+            # IdentitySource Unspecified.
+            # When selected, IAP relies on which identity settings are fully configured
+            # to redirect the traffic to. The precedence order is
+            # WorkforceIdentitySettings > GcipSettings. If none is set, default to use
+            # Google identity.
+            IDENTITY_SOURCE_UNSPECIFIED = 0
+
+            # Use external identities set up on Google Cloud Workforce Identity
+            # Federation.
+            WORKFORCE_IDENTITY_FEDERATION = 3
+          end
         end
 
         # Allows customers to configure tenant_id for GCIP instance per-app.
         # @!attribute [rw] tenant_ids
         #   @return [::Array<::String>]
-        #     GCIP tenant ids that are linked to the IAP resource.
+        #     Optional. GCIP tenant ids that are linked to the IAP resource.
         #     tenant_ids could be a string beginning with a number character to indicate
         #     authenticating with GCIP tenant flow, or in the format of _<ProjectNumber>
         #     to indicate authenticating with GCIP agent flow.
@@ -241,24 +263,58 @@ module Google
         #     since access behavior is managed by IAM policies.
         # @!attribute [rw] programmatic_clients
         #   @return [::Array<::String>]
-        #     List of OAuth client IDs allowed to programmatically authenticate with IAP.
+        #     Optional. List of client ids allowed to use IAP programmatically.
         class OAuthSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # WorkforceIdentitySettings allows customers to configure workforce pools and
+        # OAuth 2.0 settings to gate their applications using a third-party IdP with
+        # access control.
+        # @!attribute [rw] workforce_pools
+        #   @return [::Array<::String>]
+        #     The workforce pool resources. Only one workforce pool is accepted.
+        # @!attribute [rw] oauth2
+        #   @return [::Google::Cloud::Iap::V1::OAuth2]
+        #     OAuth 2.0 settings for IAP to perform OIDC flow with workforce identity
+        #     federation services.
+        class WorkforceIdentitySettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The OAuth 2.0 Settings
+        # @!attribute [rw] client_id
+        #   @return [::String]
+        #     The OAuth 2.0 client ID registered in the workforce identity federation
+        #     OAuth 2.0 Server.
+        # @!attribute [rw] client_secret
+        #   @return [::String]
+        #     Input only. The OAuth 2.0 client secret created while registering the
+        #     client ID.
+        # @!attribute [r] client_secret_sha256
+        #   @return [::String]
+        #     Output only. SHA256 hash value for the client secret. This field is
+        #     returned by IAP when the settings are retrieved.
+        class OAuth2
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Configuration for IAP reauthentication policies.
         # @!attribute [rw] method
         #   @return [::Google::Cloud::Iap::V1::ReauthSettings::Method]
-        #     Reauth method requested.
+        #     Optional. Reauth method requested.
         # @!attribute [rw] max_age
         #   @return [::Google::Protobuf::Duration]
-        #     Reauth session lifetime, how long before a user has to reauthenticate
-        #     again.
+        #     Optional. Reauth session lifetime, how long before a user has to
+        #     reauthenticate again.
         # @!attribute [rw] policy_type
         #   @return [::Google::Cloud::Iap::V1::ReauthSettings::PolicyType]
-        #     How IAP determines the effective policy in cases of hierarchial policies.
-        #     Policies are merged from higher in the hierarchy to lower in the hierarchy.
+        #     Optional. How IAP determines the effective policy in cases of hierarchical
+        #     policies. Policies are merged from higher in the hierarchy to lower in the
+        #     hierarchy.
         class ReauthSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -280,7 +336,7 @@ module Google
             ENROLLED_SECOND_FACTORS = 4
           end
 
-          # Type of policy in the case of hierarchial policies.
+          # Type of policy in the case of hierarchical policies.
           module PolicyType
             # Default value. This value is unused.
             POLICY_TYPE_UNSPECIFIED = 0
@@ -298,10 +354,10 @@ module Google
         # and allow access to only the domains that you list.
         # @!attribute [rw] enable
         #   @return [::Boolean]
-        #     Configuration for customers to opt in for the feature.
+        #     Optional. Configuration for customers to opt in for the feature.
         # @!attribute [rw] domains
         #   @return [::Array<::String>]
-        #     List of trusted domains.
+        #     Optional. List of trusted domains.
         class AllowedDomainsSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -310,17 +366,17 @@ module Google
         # Wrapper over application specific settings for IAP.
         # @!attribute [rw] csm_settings
         #   @return [::Google::Cloud::Iap::V1::CsmSettings]
-        #     Settings to configure IAP's behavior for a service mesh.
+        #     Optional. Settings to configure IAP's behavior for a service mesh.
         # @!attribute [rw] access_denied_page_settings
         #   @return [::Google::Cloud::Iap::V1::AccessDeniedPageSettings]
-        #     Customization for Access Denied page.
+        #     Optional. Customization for Access Denied page.
         # @!attribute [rw] cookie_domain
         #   @return [::Google::Protobuf::StringValue]
         #     The Domain value to set for cookies generated by IAP. This value is not
         #     validated by the API, but will be ignored at runtime if invalid.
         # @!attribute [rw] attribute_propagation_settings
         #   @return [::Google::Cloud::Iap::V1::AttributePropagationSettings]
-        #     Settings to configure attribute propagation.
+        #     Optional. Settings to configure attribute propagation.
         class ApplicationSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -363,9 +419,9 @@ module Google
         # by IAP.
         # @!attribute [rw] expression
         #   @return [::String]
-        #     Raw string CEL expression. Must return a list of attributes. A maximum of
-        #     45 attributes can be selected. Expressions can select different attribute
-        #     types from `attributes`: `attributes.saml_attributes`,
+        #     Optional. Raw string CEL expression. Must return a list of attributes. A
+        #     maximum of 45 attributes can be selected. Expressions can select different
+        #     attribute types from `attributes`: `attributes.saml_attributes`,
         #     `attributes.iap_attributes`. The following functions are supported:
         #
         #      - filter `<list>.filter(<iter_var>, <predicate>)`: Returns a subset of
@@ -393,14 +449,14 @@ module Google
         #     ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict())`
         # @!attribute [rw] output_credentials
         #   @return [::Array<::Google::Cloud::Iap::V1::AttributePropagationSettings::OutputCredentials>]
-        #     Which output credentials attributes selected by the CEL expression should
-        #     be propagated in. All attributes will be fully duplicated in each selected
-        #     output credential.
+        #     Optional. Which output credentials attributes selected by the CEL
+        #     expression should be propagated in. All attributes will be fully duplicated
+        #     in each selected output credential.
         # @!attribute [rw] enable
         #   @return [::Boolean]
-        #     Whether the provided attribute propagation settings should be evaluated on
-        #     user requests. If set to true, attributes returned from the expression will
-        #     be propagated in the set output credentials.
+        #     Optional. Whether the provided attribute propagation settings should be
+        #     evaluated on user requests. If set to true, attributes returned from the
+        #     expression will be propagated in the set output credentials.
         class AttributePropagationSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -425,6 +481,26 @@ module Google
           end
         end
 
+        # Request sent to IAP Expression Linter endpoint.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The resource name of the IAP protected resource.
+        # @!attribute [rw] expression
+        #   @return [::String]
+        #     Required. User input string expression. Should be of the form
+        #     `attributes.saml_attributes.filter(attribute, attribute.name in
+        #     ['\\{attribute_name}', '\\{attribute_name}'])`
+        class ValidateIapAttributeExpressionRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # IAP Expression Linter endpoint returns empty response body.
+        class ValidateIapAttributeExpressionResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # The request sent to ListBrands.
         # @!attribute [rw] parent
         #   @return [::String]

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-iap-v1
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Google LLC
 bindir: bin
 cert_chain: []
-date: 2025-01-29 00:00:00.000000000 Z
+date: 2025-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -122,7 +122,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.5
 specification_version: 4
 summary: Controls access to cloud applications running on Google Cloud Platform.
 test_files: []